Hello,
We have a windows server using MailEnable Standard, we also use MXScan, we have been receiving a DDos Mail SMTP attack for the last 2-3 months, as can be seen in the log record below, multiple attacks are made within seconds to addresses that are hosted on our domain name server but do not have a mailbox, and In this case, MailEnable SMTP slows down and sometimes goes into Busy mode, stopping the processes, what can we do about this, please help. Thanks.
08/28/23 00:15:03 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 MAIL MAIL FROM:<pvlmizf75fql0oa2@mazda.od.ua> 250 Requested mail action okay, completed 43 42
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<f7mal5ocflnrj@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 3978
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<jjackson@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<ljones@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<cwilson@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<katya@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<kamil@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<cad@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<msk@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<kelley@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<julius@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<kiki@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<jodie@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<el@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<ph@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<konkurs@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<bwilliams@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<daryl@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<henrique@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<dgarcia@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<webshop@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<elsa@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<emilie@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<laurent.laguillo@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<in@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<admin3@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<brigitte@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<collin@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<df@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<bookkeeper@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<stuff@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<abel@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<pg@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<si@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<copy@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:04 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<france@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:05 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<darryl@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:05 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<hayden@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:05 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<accountsreceivable@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:05 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<mama@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:05 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<ouvidoria@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:05 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<garry@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:05 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<del@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:05 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<timo@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
08/28/23 00:15:05 SMTP-IN 9D266D35564D41488E0383D7DE5AEEEF.MAI 1056 97.104.65.82 RCPT RCPT TO:<mgomez@esramalzemecilik.com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
DDos Attack problem
-
Admin
- Site Admin
- Posts: 1093
- Joined: Mon Jun 10, 2002 6:31 pm
- Location: Melbourne, Victoria, Australia
Re: DDos Attack problem
You can block the IP address at the SMTP service using the Access Control. With the 550 error you should also be able to use the connection dropping feature. Alternatively, blocking the IP at the firewall will help, if there are not many IPs connecting to your SMTP service.
Re: DDos Attack problem
Hello,
thanks for your reply. IP is not fixed, we get 100 attacks like this from 50-60 different IP addresses during the day. It is not possible to block each IP address individually, and when we turn on the automatic IP blocking system, after a certain period of time, because the list gets too full (eg 10,000 lines), mailenable gets locked and stops mail exchange. Where can we set the 550 error disconnection you mentioned? I need your ideas on how a different way can be followed in this regard.
Thanks.
thanks for your reply. IP is not fixed, we get 100 attacks like this from 50-60 different IP addresses during the day. It is not possible to block each IP address individually, and when we turn on the automatic IP blocking system, after a certain period of time, because the list gets too full (eg 10,000 lines), mailenable gets locked and stops mail exchange. Where can we set the 550 error disconnection you mentioned? I need your ideas on how a different way can be followed in this regard.
Thanks.
Re: DDos Attack problem
yes here as well - I've noticed the following
1. seems to have started here after I installed the latest MailEnable version - before that did not see this. (not sure related yet, but likely going to go back to pervious version to just to see if it stops)
2. the domain provided in the EHLO and MAIL (From). never match -
3. for me, the ip gets added to the banned list after the 3rd RCPT command in a row (I have the threshold for bad commands set to 3) - but the connection is not dropped immediately, and receives another 97 RCPT commands, then just goes away. (exactly 100 logged RCPT commands every time)
4. occasionally the domain they are spoofing will return an EMPTY DNS PTR (no response, confirmed from NSLOOKUP) most times however it does return a reverse lookup so the reverse PTR test passes). On the cases where "nothing" is returned and I mean nothing, I would expect NXDOMAIN, or an error) the log file showed a [9501] and then clearly says: connection allowed - seems to me like a no response should work the same way as NO PTR (or any other error) and make it go away with "SERVER requires PTR..."
I currently get about 1 sequence of these attempts apparently originating from various providers every hours or so. The IP gets blocked but of course it will never be the same twice and the list just grows.
The latest one was from
108.26.185.231 EHLO EHLO pool-108-26-185-231.bstnma.fios.verizon.net (removed)
108.26.185.231 MAIL MAIL FROM:<qi86h3fmc5x4@rominserv.com>
Since the attack has not come from the same IP twice at any time since it started, adding it to the list is actually of no value.
1. seems to have started here after I installed the latest MailEnable version - before that did not see this. (not sure related yet, but likely going to go back to pervious version to just to see if it stops)
2. the domain provided in the EHLO and MAIL (From). never match -
3. for me, the ip gets added to the banned list after the 3rd RCPT command in a row (I have the threshold for bad commands set to 3) - but the connection is not dropped immediately, and receives another 97 RCPT commands, then just goes away. (exactly 100 logged RCPT commands every time)
4. occasionally the domain they are spoofing will return an EMPTY DNS PTR (no response, confirmed from NSLOOKUP) most times however it does return a reverse lookup so the reverse PTR test passes). On the cases where "nothing" is returned and I mean nothing, I would expect NXDOMAIN, or an error) the log file showed a [9501] and then clearly says: connection allowed - seems to me like a no response should work the same way as NO PTR (or any other error) and make it go away with "SERVER requires PTR..."
I currently get about 1 sequence of these attempts apparently originating from various providers every hours or so. The IP gets blocked but of course it will never be the same twice and the list just grows.
The latest one was from
108.26.185.231 EHLO EHLO pool-108-26-185-231.bstnma.fios.verizon.net (removed)
108.26.185.231 MAIL MAIL FROM:<qi86h3fmc5x4@rominserv.com>
Since the attack has not come from the same IP twice at any time since it started, adding it to the list is actually of no value.
-
Admin
- Site Admin
- Posts: 1093
- Joined: Mon Jun 10, 2002 6:31 pm
- Location: Melbourne, Victoria, Australia
Re: DDos Attack problem
The EHLO in a lot of cases does not match. The EHLO domain would be the domain of the server, whereas the MAIL FROM would be the sender of the email. So if you have an ISP which is service multiple domains the EHLO can indicate the same for all of them. Send from hotmail and the EHLO will be outlook.com, but the address will be hotmail.com.
If you get a lot of RCPT TO commands, but it is blocked earlier, it is likely that they are sending it just as a batch, so the mail server will receive them together, and have to go through each one. It will stop, disconnect, ban, etc. at the limit, but the logs may show the complete received string.
A 9501 error for PTR check will either be that they are denied, or that the SMTP is configured to pass this to the spam filter for weighting. The log will show what it is doing in this case.
If you get a lot of RCPT TO commands, but it is blocked earlier, it is likely that they are sending it just as a batch, so the mail server will receive them together, and have to go through each one. It will stop, disconnect, ban, etc. at the limit, but the logs may show the complete received string.
A 9501 error for PTR check will either be that they are denied, or that the SMTP is configured to pass this to the spam filter for weighting. The log will show what it is doing in this case.
Re: DDos Attack problem
At what point in the process does the system drop if the PTR is not valid ?
seems like the system responds with a lot of 550 before that last one says 554
(not they have also told us there will be not PTR in their EHLO "no-reverse-dns" )
even though this particular sequence should have tripped I believe based on the "Reject senders without PTR" before even accepting the RCPT it did not appear to do that. .
the next setting "Connection Dropping" Drop at 3 - add to denied (checked) there is nothing here that indicates it dropped the connection and it did not add it to the blocked list.
51.52.243.18 EHLO EHLO no-reverse-dns.metronet-uk.com 250-(masked).com [51.52.243.18], this server offers 5 extensions 164 37
51.52.243.18 MAIL MAIL FROM:<pviom0g8lnlw@bhc-int.cz> 250 Requested mail action okay, completed 43 37
51.52.243.18 RCPT RCPT TO:<bqg0w0b70rxfl@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 3123
51.52.243.18 RCPT RCPT TO:<katherine@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<johnny@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<yvonne@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
** debug log starts showing Unauthenticated IP address 51.52.243.18 banned for too many invalid commands. and does so for all remaining RCPT
51.52.243.18 RCPT RCPT TO:<lily@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<ellen@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<vip@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<jd@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<segreteria@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<info1@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<gustavo@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<roy@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<isaac@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<6ziyb0z4bu2y46@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<nicholas@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<recruiting@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<manuel@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<jsmith@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<anonymous@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<albert@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<ukbbq2xh4u7l@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<jeffrey@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<andres@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<andrey@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<dw3ambyo2oj38@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<mustafa@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<leah@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<r37rnhtpymc5@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<voicemail@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<irene@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<trevor@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<mb@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<x3r66ez7r0v5@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<ethan@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<ross@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<tv@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<molly@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<sophia@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<omar@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<francisco@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<joanna@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<silvia@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<contracts@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<ml@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<rahul@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<mariana@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<guest@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<arthur@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<aem8g31dlfl5ua@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<bills@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<felix@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<x5nkz5hwa6trx@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<chelsea@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<cody@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<dawn@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<copier@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<sa@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<b@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<karina@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<sally@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<joy@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<wholesale@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<operaciones@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<fbl@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<joey@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<donations@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<dm@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<valerie@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<lynn@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<nfe@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<zoe@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<t@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<tanaka@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<brent@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<alejandro@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<technical@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<sk@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<company@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<grant@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<elaine@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<marta@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<jasmine@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<esther@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<aj@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<registrar@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<tammy@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<renee@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<mia@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<alyssa@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<reg@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<facturas@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<majordomo@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<stuart@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<sklad@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<backoffice@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<marcos@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<alexandre@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<simone@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<w1w40rj44fc5@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<fb@(masked).com> 554 This server requires PTR for unauthenticated connections. 63 0
at the of this sequence in the associated debug log it finishes with:
[1064] Message marked as spam: (51.52.243.18) was found in DNSBL Spamcop.
[1064] Recipient Denied: (51.52.243.18) has no PTR. Result 9003.
Unauthenticated IP address 51.52.243.18 banned for too many invalid commands.
Unauthenticated IP address 51.52.243.18 banned for too many invalid commands.
[1064] (Debug) End of conversation
So when exactly does the connection drop in this case? The log file at least implies to me that all the RCPT commands bogus as they are should never have been processed. NO PTR, also found in SpamCop, once allowed to "continue" finally banned for too many invalid commands (recipients)
(logged after the "RCPT TO:<yvonne..." in the debug log, so on the 4th invalid receipt)
and this one did not seem to find itself on the "list"
seems like the system responds with a lot of 550 before that last one says 554
(not they have also told us there will be not PTR in their EHLO "no-reverse-dns" )
even though this particular sequence should have tripped I believe based on the "Reject senders without PTR" before even accepting the RCPT it did not appear to do that. .
the next setting "Connection Dropping" Drop at 3 - add to denied (checked) there is nothing here that indicates it dropped the connection and it did not add it to the blocked list.
51.52.243.18 EHLO EHLO no-reverse-dns.metronet-uk.com 250-(masked).com [51.52.243.18], this server offers 5 extensions 164 37
51.52.243.18 MAIL MAIL FROM:<pviom0g8lnlw@bhc-int.cz> 250 Requested mail action okay, completed 43 37
51.52.243.18 RCPT RCPT TO:<bqg0w0b70rxfl@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 3123
51.52.243.18 RCPT RCPT TO:<katherine@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<johnny@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<yvonne@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
** debug log starts showing Unauthenticated IP address 51.52.243.18 banned for too many invalid commands. and does so for all remaining RCPT
51.52.243.18 RCPT RCPT TO:<lily@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<ellen@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<vip@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<jd@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<segreteria@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<info1@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<gustavo@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<roy@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<isaac@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<6ziyb0z4bu2y46@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<nicholas@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<recruiting@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<manuel@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<jsmith@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<anonymous@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<albert@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<ukbbq2xh4u7l@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<jeffrey@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<andres@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<andrey@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<dw3ambyo2oj38@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<mustafa@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<leah@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<r37rnhtpymc5@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<voicemail@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<irene@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<trevor@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<mb@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<x3r66ez7r0v5@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<ethan@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<ross@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<tv@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<molly@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<sophia@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<omar@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<francisco@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<joanna@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<silvia@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<contracts@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<ml@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<rahul@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<mariana@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<guest@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<arthur@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<aem8g31dlfl5ua@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<bills@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<felix@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<x5nkz5hwa6trx@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<chelsea@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<cody@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<dawn@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<copier@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<sa@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<b@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<karina@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<sally@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<joy@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<wholesale@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<operaciones@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<fbl@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<joey@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<donations@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<dm@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<valerie@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<lynn@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<nfe@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<zoe@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<t@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<tanaka@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<brent@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<alejandro@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<technical@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<sk@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<company@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<grant@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<elaine@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<marta@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<jasmine@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<esther@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<aj@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<registrar@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<tammy@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<renee@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<mia@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<alyssa@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<reg@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<facturas@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<majordomo@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<stuart@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<sklad@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<backoffice@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<marcos@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<alexandre@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<simone@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<w1w40rj44fc5@(masked).com> 550 Requested action not taken: mailbox unavailable or not local. 67 0
51.52.243.18 RCPT RCPT TO:<fb@(masked).com> 554 This server requires PTR for unauthenticated connections. 63 0
at the of this sequence in the associated debug log it finishes with:
[1064] Message marked as spam: (51.52.243.18) was found in DNSBL Spamcop.
[1064] Recipient Denied: (51.52.243.18) has no PTR. Result 9003.
Unauthenticated IP address 51.52.243.18 banned for too many invalid commands.
Unauthenticated IP address 51.52.243.18 banned for too many invalid commands.
[1064] (Debug) End of conversation
So when exactly does the connection drop in this case? The log file at least implies to me that all the RCPT commands bogus as they are should never have been processed. NO PTR, also found in SpamCop, once allowed to "continue" finally banned for too many invalid commands (recipients)
(logged after the "RCPT TO:<yvonne..." in the debug log, so on the 4th invalid receipt)
and this one did not seem to find itself on the "list"
- Attachments
-
- Screen Shot 2023-08-31 at 11.34.39 AM.png (20.86 KiB) Viewed 10583 times
-
- Screen Shot 2023-08-31 at 11.29.55 AM.png (23.93 KiB) Viewed 10583 times
-
- Screen Shot 2023-08-31 at 11.29.36 AM.png (10.07 KiB) Viewed 10583 times
Re: DDos Attack problem
More info : https://www.mailenable.com/forum/viewtopic.php?f=5&t=44704
- Manage Windows Firewall (Auto Prevention SMTP,POP,IMAP, FTP,MySql,MariaDb,RDP....)
- Can Block Country IP range
- Can Block Country Company by ASN
- Plugin for use Windows Defender in MailEnable as Antivirus
- Plugin Advanced AntiSpam in MailEnable
- Manage CloudFlare Firewall Rules and Settings
- Manage CloudFlare DNS from Plesk
- Manage MailEnable SMTP, POP blocked list
- Advanced MailEnable Settings by each version Edition
- Manage Windows Firewall (Auto Prevention SMTP,POP,IMAP, FTP,MySql,MariaDb,RDP....)
- Can Block Country IP range
- Can Block Country Company by ASN
- Plugin for use Windows Defender in MailEnable as Antivirus
- Plugin Advanced AntiSpam in MailEnable
- Manage CloudFlare Firewall Rules and Settings
- Manage CloudFlare DNS from Plesk
- Manage MailEnable SMTP, POP blocked list
- Advanced MailEnable Settings by each version Edition
-
Admin
- Site Admin
- Posts: 1093
- Joined: Mon Jun 10, 2002 6:31 pm
- Location: Melbourne, Victoria, Australia
Re: DDos Attack problem
The PTR would only be checked if a recipient is valid, before that it is already not accepting it, so it doesn't do a lot of checks since they are not needed. The problem is the SMTP service is iterating through the recipients sent before the connection is dropped, since the client sent a block of recipients - so it logs all the ones received, even though it banned it earlier. We've made it avoid this in the next minor update, and if you wanted you can download an SMTP update at:
https://www.mailenable.com/hotfix/MESMTPC_64.zip
To install:
1) Stop the SMTP service
2) Rename the Mail Enable\bin64\MESMTPC.EXE file so you can roll back this hotfix
3) Extract the zip file from the link above to the Mail Enable\bin64 directory
4) Start the SMTP service
https://www.mailenable.com/hotfix/MESMTPC_64.zip
To install:
1) Stop the SMTP service
2) Rename the Mail Enable\bin64\MESMTPC.EXE file so you can roll back this hotfix
3) Extract the zip file from the link above to the Mail Enable\bin64 directory
4) Start the SMTP service
